DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
Note
1. A security tunnel supports permit and deny rules.
2. The global security tunnel takes no effect on an exception port.
3. The security tunnel policies enabled on an interface take precedence over the global security tunnel.
4. Without IP authorization, using a security tunnel with 802.1x greatly reduces the number of users that can be authenticated; the resulting limit is the same as the one under IP authorization.
5. It is strongly recommended to configure a security tunnel before authentication. Configuring a security tunnel midway can exhaust resources and leave authenticated users unable to access the interface.
6. If MAC-IP binding and MAC-related binding under port security are enabled on the DES-7200 series, the related IP and MAC policies configured on other ports do not function.
You can use an existing ACL to configure a security tunnel.
In the privileged configuration mode, execute the following commands to configure a global security tunnel:

Command                                                   Function
DES-7200# configure terminal                              Enter the global configuration mode.
DES-7200(config)# security global access-group acl-name   Configure a global security tunnel.
In the privileged configuration mode, execute the following commands to set an exception port:

Command                                                   Function
DES-7200# configure terminal                              Enter the global configuration mode.
DES-7200(config)# interface interface-id                  Enter the interface configuration mode.
DES-7200(config-if)# security uplink enable               Set the interface as an exception port.
If a security tunnel is configured under the interface, remove the security tunnel and
then set the interface as the exception port.
In the privileged configuration mode, execute the following commands to configure a security tunnel on the interface:

Command                                                   Function
DES-7200# configure terminal                              Enter the global configuration mode.
DES-7200(config)# interface interface-id                  Enter the interface configuration mode.